authorNatanael Copa <ncopa@alpinelinux.org>2014-03-03 12:37:53 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-03-03 12:56:10 +0000
commit9876a50d3c6ce056eaf83310cda96485a8b2e850 (patch)
treef174d5e628046dda1186faa9aaea24258ce04be9 /main
parentf6c7eafa58af0756ef1dd2ba755b7fd81b9e578a (diff)
downloadaports-9876a50d3c6ce056eaf83310cda96485a8b2e850.tar.bz2
aports-9876a50d3c6ce056eaf83310cda96485a8b2e850.tar.xz
main/nss: security upgrade to 3.15.4 (CVE-2013-1740)
fixes #2645 fixes #2573
Diffstat (limited to 'main')
-rw-r--r--main/nss/80_security_tools.patch26
-rw-r--r--main/nss/85_security_load.patch80
-rw-r--r--main/nss/APKBUILD71
-rw-r--r--main/nss/add_spi+cacert_ca_certs.patch (renamed from main/nss/95_add_spi+cacert_ca_certs.patch)19
-rw-r--r--main/nss/lower-dhe-priority.patch45
-rw-r--r--main/nss/ssl-renegotiate-transitional.patch (renamed from main/nss/97_ssl_renegotiate_transitional.patch)14
6 files changed, 42 insertions, 213 deletions
diff --git a/main/nss/80_security_tools.patch b/main/nss/80_security_tools.patch
deleted file mode 100644
index 9357e90916..0000000000
--- a/main/nss/80_security_tools.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-## 80_security_tools.patch by Mike Hommey <glandium@debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Enable building of some NSS tools.
-## DP: Disable rpath.
-
-Index: nss/mozilla/security/nss/cmd/platlibs.mk
-===================================================================
---- nss.orig/mozilla/security/nss/cmd/platlibs.mk 2012-10-05 14:46:28.387226831 +0200
-+++ nss/mozilla/security/nss/cmd/platlibs.mk 2012-10-05 14:46:39.931118977 +0200
-@@ -8,6 +8,7 @@
- # set RPATH-type linker instructions here so they can be used in the shared
- # version and in the mixed (static nss libs/shared NSPR libs) version.
-
-+ifdef ENABLE_RPATH
- ifeq ($(OS_ARCH), SunOS)
- ifeq ($(USE_64), 1)
- EXTRA_SHARED_LIBS += -R '$$ORIGIN/../lib:/usr/lib/mps/secv1/64:/usr/lib/mps/64'
-@@ -31,6 +32,7 @@
- else
- DBMLIB = $(DIST)/lib/$(LIB_PREFIX)dbm.$(LIB_SUFFIX)
- endif
-+endif
-
- ifdef USE_STATIC_LIBS
-
diff --git a/main/nss/85_security_load.patch b/main/nss/85_security_load.patch
deleted file mode 100644
index 11cc8dd219..0000000000
--- a/main/nss/85_security_load.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-## 85_security_load.patch by Mike Hommey <glandium@debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Load modules from $ORIGIN/nss.
-
-Index: nss/mozilla/security/nss/cmd/shlibsign/shlibsign.c
-===================================================================
---- nss.orig/mozilla/security/nss/cmd/shlibsign/shlibsign.c 2012-10-05 14:46:30.599206535 +0200
-+++ nss/mozilla/security/nss/cmd/shlibsign/shlibsign.c 2012-10-05 14:46:41.883100266 +0200
-@@ -852,6 +852,8 @@
- libname = PR_GetLibraryName(NULL, "softokn3");
- assert(libname != NULL);
- lib = PR_LoadLibrary(libname);
-+ if (!lib)
-+ lib = PR_LoadLibrary("/usr/lib/nss/libsoftokn3.so");
- assert(lib != NULL);
- PR_FreeLibraryName(libname);
-
-Index: nss/mozilla/security/nss/lib/pk11wrap/pk11load.c
-===================================================================
---- nss.orig/mozilla/security/nss/lib/pk11wrap/pk11load.c 2012-10-05 14:46:28.331227343 +0200
-+++ nss/mozilla/security/nss/lib/pk11wrap/pk11load.c 2012-10-05 14:46:41.883100266 +0200
-@@ -406,6 +406,13 @@
- * unload the library if anything goes wrong from here on out...
- */
- library = PR_LoadLibrary(mod->dllName);
-+ if ((library == NULL) &&
-+ !rindex(mod->dllName, PR_GetDirectorySeparator())) {
-+ library = PORT_LoadLibraryFromOrigin(my_shlib_name,
-+ (PRFuncPtr) &softoken_LoadDSO,
-+ mod->dllName);
-+ }
-+
- mod->library = (void *)library;
-
- if (library == NULL) {
-Index: nss/mozilla/security/nss/lib/util/secload.c
-===================================================================
---- nss.orig/mozilla/security/nss/lib/util/secload.c 2012-10-05 14:46:28.331227343 +0200
-+++ nss/mozilla/security/nss/lib/util/secload.c 2012-10-05 14:46:41.883100266 +0200
-@@ -69,9 +69,14 @@
-
- /* Remove the trailing filename from referencePath and add the new one */
- c = strrchr(referencePath, PR_GetDirectorySeparator());
-+ if (!c) { /* referencePath doesn't contain a / means that dladdr gave us argv[0]
-+ * and program was called from $PATH. Hack to get libs from /usr/lib */
-+ referencePath = "/usr/lib/";
-+ c = &referencePath[8]; /* last / */
-+ }
- if (c) {
- size_t referencePathSize = 1 + c - referencePath;
-- fullName = (char*) PORT_Alloc(strlen(name) + referencePathSize + 1);
-+ fullName = (char*) PORT_Alloc(strlen(name) + referencePathSize + 5);
- if (fullName) {
- memcpy(fullName, referencePath, referencePathSize);
- strcpy(fullName + referencePathSize, name);
-@@ -81,6 +86,12 @@
- #endif
- libSpec.type = PR_LibSpec_Pathname;
- libSpec.value.pathname = fullName;
-+ if ((referencePathSize >= 4) &&
-+ (strncmp(fullName + referencePathSize - 4, "bin", 3) == 0)) {
-+ memcpy(fullName + referencePathSize -4, "lib", 3);
-+ }
-+ strcpy(fullName + referencePathSize, "nss/");
-+ strcpy(fullName + referencePathSize + 4, name);
- dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL
- #ifdef PR_LD_ALT_SEARCH_PATH
- /* allow library's dependencies to be found in the same directory
-@@ -88,6 +99,10 @@
- | PR_LD_ALT_SEARCH_PATH
- #endif
- );
-+ if (! dlh) {
-+ strcpy(fullName + referencePathSize, name);
-+ dlh = PR_LoadLibraryWithFlags(libSpec, PR_LD_NOW | PR_LD_LOCAL);
-+ }
- PORT_Free(fullName);
- }
- }
diff --git a/main/nss/APKBUILD b/main/nss/APKBUILD
index 4d6b3d047e..d499365208 100644
--- a/main/nss/APKBUILD
+++ b/main/nss/APKBUILD
@@ -1,9 +1,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=nss
-pkgver=3.14.5
-_pkgver=3.14.1
+pkgver=3.15.4
_ver=${pkgver//./_}
-pkgrel=0
+pkgrel=1
pkgdesc="Mozilla Network Security Services"
url="http://www.mozilla.org/projects/security/pki/nss/"
arch="all"
@@ -11,15 +10,11 @@ license="MPL GPL"
depends=
makedepends="nspr-dev sqlite-dev zlib-dev perl"
subpackages="$pkgname-dev $pkgname-tools"
-#source="ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_14_1_WITH_CKBI_1_93_RTM/src/${pkgname}-3.14.1.with.ckbi.1.93.tar.gz
source="ftp://ftp.mozilla.org/pub/security/$pkgname/releases/NSS_${_ver}_RTM/src/$pkgname-$pkgver.tar.gz
nss.pc.in
nss-config.in
- 80_security_tools.patch
- 85_security_load.patch
- 95_add_spi+cacert_ca_certs.patch
- 97_ssl_renegotiate_transitional.patch
- lower-dhe-priority.patch
+ add_spi+cacert_ca_certs.patch
+ ssl-renegotiate-transitional.patch
"
depends_dev="nspr-dev"
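Review bot: The `source=` URL kept as context in this hunk still fetches the release tarball over plain `ftp://`, so for a security upgrade the only thing tying the build to the intended 3.15.4 sources is the checksum block at the end of the APKBUILD. If the mirror serves the same path over HTTPS, switching the scheme would add transport integrity on top of the checksums. The hunk also drops `80_security_tools.patch`, `85_security_load.patch` and `lower-dhe-priority.patch` from `source=` without a word in the commit message. A short comment such as `# 3.15.x: Debian rpath/load patches and lower-dhe-priority no longer carried` would record that the resulting change in module search path and cipher order is intentional.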
@@ -34,7 +29,7 @@ prepare() {
# Respect LDFLAGS
sed -i -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/g' \
- mozilla/security/coreconf/rules.mk
+ nss/coreconf/rules.mk
}
@@ -46,15 +41,16 @@ build() {
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
export FREEBL_NO_DEPEND=0
+ export NSS_USE_SYSTEM_SQLITE=1
export NSPR_INCLUDE_DIR=`pkg-config --cflags-only-I nspr | sed 's/-I//'`
export NSPR_LIB_DIR=`pkg-config --libs-only-L nspr | sed 's/-L.//'`
export XCFLAGS="${CFLAGS}"
if [ "$CARCH" = "x86_64" ]; then
export USE_64=1
fi
- make -j 1 -C mozilla/security/coreconf || return 1
- make -j 1 -C mozilla/security/dbm || return 1
- make -j 1 -C mozilla/security/nss || return 1
+ make -j 1 -C nss/coreconf || return 1
+ make -j 1 -C nss/lib/dbm || return 1
+ make -j 1 -C nss || return 1
}
package() {
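Review bot: On the `NSPR_LIB_DIR` context line the filter `sed 's/-L.//'` removes `-L` plus the character after it, so a `-L/usr/lib` answer from pkg-config becomes the relative path `usr/lib`, whereas the sibling `NSPR_INCLUDE_DIR` line strips only `-I`. This looks like a typo that goes unnoticed because the linker presumably finds NSPR in its default search path anyway. `sed 's/-L//'` would match the include line and keep the directory absolute. build() starts before this hunk.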
@@ -66,10 +62,10 @@ package() {
install -m755 -d "$pkgdir"/usr/bin
install -m755 -d "$pkgdir"/usr/include/nss
- NSS_VMAJOR=`awk '/#define.*NSS_VMAJOR/ {print $3}' mozilla/security/nss/lib/nss/nss.h `
+ NSS_VMAJOR=`awk '/#define.*NSS_VMAJOR/ {print $3}' nss/lib/nss/nss.h `
msg "DEBUG: $NSS_VMAJOR"
- NSS_VMINOR=`awk '/#define.*NSS_VMINOR/ {print $3}' mozilla/security/nss/lib/nss/nss.h`
- NSS_VPATCH=`awk '/#define.*NSS_VPATCH"/ {print $3}' mozilla/security/nss/lib/nss/nss.h`
+ NSS_VMINOR=`awk '/#define.*NSS_VMINOR/ {print $3}' nss/lib/nss/nss.h`
+ NSS_VPATCH=`awk '/#define.*NSS_VPATCH"/ {print $3}' nss/lib/nss/nss.h`
# pkgconfig files
sed "$srcdir"/nss.pc.in \
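Review bot: The awk pattern on the `NSS_VPATCH` line, `/#define.*NSS_VPATCH"/`, has a stray `"` that the `NSS_VMAJOR` and `NSS_VMINOR` patterns lack, so unless nss.h really has a quote directly after the macro name it matches nothing and `NSS_VPATCH` stays empty. That value is later substituted for `@MOD_PATCH_VERSION@` in nss-config. The commit rewrites this line for the new source path but keeps the quote; `awk '/#define.*NSS_VPATCH/ {print $3}' nss/lib/nss/nss.h` would be consistent with the other two. The leftover `msg "DEBUG: $NSS_VMAJOR"` could be dropped at the same time. package() starts before this hunk and continues after it.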
@@ -77,8 +73,8 @@ package() {
-e "s,%prefix%,/usr,g" \
-e "s,%exec_prefix%,/usr/bin,g" \
-e "s,%includedir%,/usr/include/nss,g" \
- -e "s,%NSPR_VERSION%,$_pkgver,g" \
- -e "s,%NSS_VERSION%,$_pkgver,g" \
+ -e "s,%NSPR_VERSION%,$pkgver,g" \
+ -e "s,%NSS_VERSION%,$pkgver,g" \
> "$pkgdir"/usr/lib/pkgconfig/nss.pc \
|| return 1
ln -sf nss.pc "$pkgdir"/usr/lib/pkgconfig/mozilla-nss.pc || return 1
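Review bot: Both `%NSPR_VERSION%` and `%NSS_VERSION%` are now filled with `$pkgver`, which is the NSS version, so whatever nss.pc.in does with `%NSPR_VERSION%` (presumably a version requirement on nspr; the template is not shown) ends up carrying 3.15.4 rather than an NSPR version. Taking the value from the build environment, e.g. `-e "s,%NSPR_VERSION%,$(pkg-config --modversion nspr),g" \`, would keep the generated nss.pc truthful. The sed invocation itself begins before this hunk.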
@@ -95,25 +91,25 @@ package() {
-e "s,@MOD_PATCH_VERSION@,${NSS_VPATCH},g" \
> "$pkgdir"/usr/bin/nss-config || return 1
chmod 755 "$pkgdir"/usr/bin/nss-config || return 1
- local minor=${_pkgver#*.}
+ local minor=${pkgver#*.}
minor=${minor%.*}
for file in libsoftokn3.so libfreebl3.so libnss3.so libnssutil3.so \
libssl3.so libsmime3.so libnssckbi.so libnssdbm3.so; do
- install -m755 mozilla/dist/*.OBJ/lib/${file} \
+ install -m755 dist/*.OBJ/lib/${file} \
"$pkgdir"/usr/lib/${file}.$minor || return 1
ln -s $file.$minor "$pkgdir"/usr/lib/$file
done
- install -m644 mozilla/dist/*.OBJ/lib/libcrmf.a "$pkgdir"/usr/lib/ \
+ install -m644 dist/*.OBJ/lib/libcrmf.a "$pkgdir"/usr/lib/ \
|| return 1
- install -m644 mozilla/dist/*.OBJ/lib/*.chk "$pkgdir"/usr/lib/ \
+ install -m644 dist/*.OBJ/lib/*.chk "$pkgdir"/usr/lib/ \
|| return 1
for file in certutil cmsutil crlutil modutil pk12util shlibsign \
signtool signver ssltap; do
- install -m755 mozilla/dist/*.OBJ/bin/${file} "$pkgdir"/usr/bin/\
+ install -m755 dist/*.OBJ/bin/${file} "$pkgdir"/usr/bin/\
|| return 1
done
- install -m644 mozilla/dist/public/nss/*.h "$pkgdir"/usr/include/nss/ \
+ install -m644 dist/public/nss/*.h "$pkgdir"/usr/include/nss/ \
|| return 1
}
@@ -144,27 +140,18 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-md5sums="73cf5c23206f7d333853aea697a0e7c9 nss-3.14.5.tar.gz
+md5sums="74738d89615665e3547dc2c0602ab0e6 nss-3.15.4.tar.gz
c547b030c57fe1ed8b77c73bf52b3ded nss.pc.in
46bee81908f1e5b26d6a7a2e14c64d9f nss-config.in
-262714f8f8e206dc9ea5270683a4f34f 80_security_tools.patch
-e737ca88170023c9243dc4bda4730d42 85_security_load.patch
-4ce81c80d381337b8e048ef3cb0b6005 95_add_spi+cacert_ca_certs.patch
-83bd48daebc54d588f718c4054a62318 97_ssl_renegotiate_transitional.patch
-629faf8cc95ba10cfef9066a5c07eaf8 lower-dhe-priority.patch"
-sha256sums="61f3493117483c85ef343fc7f22e1b3b7bff14580c632523d939eea8c5849216 nss-3.14.5.tar.gz
+981e0df9e9cb7a9426b316f68911fb17 add_spi+cacert_ca_certs.patch
+2412ff2e97b3ec452cb016f2506a0e08 ssl-renegotiate-transitional.patch"
+sha256sums="14d69a0735c5af6b3cc12591f7ebf272203e889f09104182148091d0af682d7c nss-3.15.4.tar.gz
b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd nss.pc.in
e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9 nss-config.in
-d9580965d7a01ee2e8a4b675aa1cbb37ed6b9d95ab3a6157639bfb7f51aa246a 80_security_tools.patch
-ec90e68260fa4c8343a894d0d03ca1f93e4730c612d2ef5ed66d2f03f1c242d2 85_security_load.patch
-5550bd42d06fdc59530a8e228c40e6d66c8a3a55bc92dae1df51954a0f9f3579 95_add_spi+cacert_ca_certs.patch
-21de95d23b3788bfd01249d61ea52010e44214e2c0126974b585c107c85b104a 97_ssl_renegotiate_transitional.patch
-fa8f10ff7d40b43161dd1b53acf875323aef7a5317bcc72bd6a69a7bd076624a lower-dhe-priority.patch"
-sha512sums="ef35939d6b4627df0e562da7b0f1bb599c8f7cf09f7baa9fc059ddd725a91a4d34204a22e05e3aa9b2a609c085834f611f9e6ff2dde69e16e9cd7e7c74a86ddf nss-3.14.5.tar.gz
+592aa85184c5edb076c3355f85e50373a59dfcd06a4f4a79621f43df19404c1e add_spi+cacert_ca_certs.patch
+1a49be9d7f835be737825252f50e4ee2869228eb303a087dde7fb81794b92ebd ssl-renegotiate-transitional.patch"
+sha512sums="21ca81b636f7e230715556bc874d5c1c4f370c6fe57a39cb12fa349d0414a88e13aa931060613a793f7267868e026eaf167cbab5f2a5e8759e7a4b176d97fc6a nss-3.15.4.tar.gz
75dbd648a461940647ff373389cc73bc8ec609139cd46c91bcce866af02be6bcbb0524eb3dfb721fbd5b0bc68c20081ed6f7debf6b24317f2a7ba823e8d3c531 nss.pc.in
2971669e128f06a9af40a5ba88218fa7c9eecfeeae8b0cf42e14f31ed12bf6fa4c5ce60289e078f50e2669a9376b56b45d7c29d726a7eac69ebe1d1e22dc710b nss-config.in
-5b618edccc63b1bf9c6e51a1863f6a92b42de1dfb59d1726f3d04c194fc3ff9fe21e1894f3dfd092c6427fa79a5e767344daedfc1b7db225016adde5d73ceb47 80_security_tools.patch
-237283427f091141da22418556ecd432948ff67dfec90f23181da35e4c2218d0a6ba307cecea8079feaf6a92fab677050f252564e7c01642869aa16c0ef58909 85_security_load.patch
-6a20b99c9c60e199072c9bbccb97c3855fce4dd4625a22c6f3a24787ea70890a94eda01b037e9764b223b52d83b47c5c5254a62347ec8b751cab65917c8475a6 95_add_spi+cacert_ca_certs.patch
-63bd776f22b085e6cf11bebfa25cf5aebeb3e08713957f0d9ee0f465f8fa563313cfd0ce6696bcb1a5eeaa5688d2dcb862b8d0eacfe4dcbafd816540d72bebb1 97_ssl_renegotiate_transitional.patch
-3d0845acaf83f35f4733a4461d6eb63558c7b9823365c39f3184a014bb6bf1cbf41f7a633be1c2f37f3335eae272f54b4356dbbed8c0b6e2f95c1abeec5e8859 lower-dhe-priority.patch"
+6e04556858499aec465d6670818465327ba2cb099061c2afee4b5cac8aa61938e0095906acfb38df6a1b70a6bde6dd69f08bb4c00a9d188e4cb3131b26c1bc16 add_spi+cacert_ca_certs.patch
+c21a82247d87d74cb27575efc517a6771476320ce412cd444e83d0782e29f82552676247da093518b07d3eb7dc67c53cd1901ee8d6f59b342d02e47784c39192 ssl-renegotiate-transitional.patch"
diff --git a/main/nss/95_add_spi+cacert_ca_certs.patch b/main/nss/add_spi+cacert_ca_certs.patch
index 5420bbffa9..ccf9731038 100644
--- a/main/nss/95_add_spi+cacert_ca_certs.patch
+++ b/main/nss/add_spi+cacert_ca_certs.patch
@@ -1,17 +1,10 @@
-## 95_add_spi+cacert_ca_certs.patch by martin f. krafft <madduck@debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Adds the SPI Inc. and CAcert.org CA certificates
-
-Index: nss/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
-===================================================================
---- nss.orig/mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2013-01-04 11:14:44.704055110 +0100
-+++ nss/mozilla/security/nss/lib/ckfw/builtins/certdata.txt 2013-01-04 11:14:44.700055209 +0100
-@@ -24783,3 +24783,558 @@
- CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
- CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
+--- a/nss/lib/ckfw/builtins/certdata.txt
++++ b/nss/lib/ckfw/builtins/certdata.txt
+@@ -20926,3 +20926,558 @@ CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
+ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-+
++
+#
+# Certificate "CAcert.org Class 1 Root CA"
+#
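Review bot: The refreshed patch loses its header, so nothing in the file now says that it adds the SPI Inc. and CAcert.org roots to NSS's built-in certificate list. For a change that extends the trust anchors NSS consumers inherit, a first line such as `Adds the SPI Inc. and CAcert.org CA certificates to the builtin roots` should stay. The new leading context also reads `CKT_NETSCAPE_TRUSTED_DELEGATOR` at line 20926 where the old one read `CKT_NSS_NOT_TRUSTED` at 24783, so it is worth confirming that the hunk applies without fuzz and lands where intended in 3.15.4's certdata.txt. Only the top of the 558-line addition is visible in this hunk.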
diff --git a/main/nss/lower-dhe-priority.patch b/main/nss/lower-dhe-priority.patch
deleted file mode 100644
index 970e2fcafe..0000000000
--- a/main/nss/lower-dhe-priority.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-https://bugzilla.mozilla.org/show_bug.cgi?id=583337
-List TLS_DHE_RSA_WITH_AES_256_CBC_SHA after TLS_RSA_WITH_AES_256_CBC_SHA
-in SSL ClientHello to communicate securely with some servers that use
-256-bit DH keys.
-
-Index: nss/mozilla/security/nss/lib/ssl/ssl3con.c
-===================================================================
---- nss.orig/mozilla/security/nss/lib/ssl/ssl3con.c 2012-10-05 14:46:07.000000000 +0200
-+++ nss/mozilla/security/nss/lib/ssl/ssl3con.c 2012-10-05 14:50:36.387931139 +0200
-@@ -82,7 +82,6 @@
- #endif /* NSS_ENABLE_ECC */
- { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
-- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE},
- #ifdef NSS_ENABLE_ECC
- { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
-@@ -90,6 +89,7 @@
- #endif /* NSS_ENABLE_ECC */
- { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
- { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE},
-+ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_TRUE,PR_FALSE},
-
- #ifdef NSS_ENABLE_ECC
- { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
-Index: nss/mozilla/security/nss/lib/ssl/sslenum.c
-===================================================================
---- nss.orig/mozilla/security/nss/lib/ssl/sslenum.c 2012-10-05 14:46:07.000000000 +0200
-+++ nss/mozilla/security/nss/lib/ssl/sslenum.c 2012-10-05 14:48:39.701727613 +0200
-@@ -35,7 +35,6 @@
- #endif /* NSS_ENABLE_ECC */
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-- TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
- #ifdef NSS_ENABLE_ECC
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-@@ -43,6 +42,7 @@
- #endif /* NSS_ENABLE_ECC */
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS_RSA_WITH_AES_256_CBC_SHA,
-+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
-
- /* 128-bit */
- #ifdef NSS_ENABLE_ECC
diff --git a/main/nss/97_ssl_renegotiate_transitional.patch b/main/nss/ssl-renegotiate-transitional.patch
index c09b813387..3796715cb0 100644
--- a/main/nss/97_ssl_renegotiate_transitional.patch
+++ b/main/nss/ssl-renegotiate-transitional.patch
@@ -6,16 +6,16 @@ to continue to renegotiate with vulnerable servers.
This value should only be used during the transition period when few
servers have been upgraded.
-Index: nss/mozilla/security/nss/lib/ssl/sslsock.c
-===================================================================
---- nss.orig/mozilla/security/nss/lib/ssl/sslsock.c 2012-10-05 14:46:07.223624005 +0200
-+++ nss/mozilla/security/nss/lib/ssl/sslsock.c 2012-10-05 14:48:26.905899063 +0200
-@@ -150,7 +150,7 @@
+diff --git a/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
+index f1d1921..c074360 100644
+--- a/nss/lib/ssl/sslsock.c
++++ b/nss/lib/ssl/sslsock.c
+@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
- PR_FALSE, /* enableFalseStart */
- PR_TRUE /* cbcRandomIV */
+ };
+
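Review bot: This hunk carries the change of the `enableRenegotiation` default from `2` (requires extension) to `3` (transitional) forward into a release shipped as a security upgrade, although the patch's own description says the value should only be used during the transition period. With it, clients by default keep renegotiating with servers that the description itself calls vulnerable. Either drop the patch and return to the upstream default, or record in the APKBUILD why it is still needed, e.g. `# ssl-renegotiate-transitional.patch: kept because <reason / issue placeholder>`. The inner header `diff --git a/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c` also mixes the new and old source layouts and could be normalised.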